[strongSwan] Please help this assign different ippool any problem?

Yanrui Hu yhu at appannie.com
Mon Oct 26 10:44:59 CET 2015


Guys,
I start a new thread cause this question is more specific.
To be simple, let me introduce the configuration:

In file: users
DEFAULT SQL-Group == "restricted", Pool-Name := "main_pool"
        Fall-Through = Yes

DEFAULT Pool-Name := "tc_pool"
Fall-Through = Yes

In file:modules/ippool
ippool main_pool {
            range-start = 172.16.10.1
            range-stop = 172.16.10.254
            netmask = 255.255.255.0
            cache-size = 254
            session-db = ${raddbdir}/db.ipmainpool
            ip-index = ${raddbdir}/db.ipmainindex
            override = no
            maximum-timeout = 0
    }
ippool tc_pool {
            range-start = 172.16.11.1
            range-stop = 172.16.11.254
            netmask = 255.255.255.0
            cache-size = 254
            session-db = ${raddbdir}/db.ipsecondarypool
            ip-index = ${raddbdir}/db.ipsecondaryindex
            override = no
            maximum-timeout = 0
    }
In file: site-enabled/default
under accounting and post-auth
      if (SQL-Group == "restricted") {
main_pool
     }
     else {
tc_pool
     }

I have put some user into restricted group in db. and want these users get
different ippool, but seems when use main_pool as above, vpn client can not
connect. Is there any reason that two ippool can not exist together?

-- 
Best Regards,

Yanrui Hu

-- 
*This email may contain or reference confidential information and is 
intended only for the individual to whom it is addressed.  Please refrain 
from distributing, disclosing or copying this email and the information 
contained within unless you are the intended recipient.  If you received 
this email in error, please notify us at legal at appannie.com 
<legal at appannie.com>** immediately and remove it from your system.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20151026/f90ab41d/attachment.html>


More information about the Users mailing list